<?php

require_once('auth/PasswordHash.php');

define('PHPASS_HASH_STRENGTH', 8);
define('PHPASS_HASH_PORTABLE', false);

/**
 * Oryx Authentication Libary 
 * @version 0.1
 * @author Richard Adams
 */
class Auth
{
	/**
	 * CI Instance
	 * @var string
	 */
	private  $CI;
	/**
	 * The user Table to use for Authentication
	 * @var string
	 */
	private  $user_table = 'ox_users';
	
	/**
	 * Class Constructor
	 * @return 
	 */
	public function __construct()
	{
		$this->CI =& get_instance();
	}
	
	/**
	 * Determines if a user is logged on and if not redirects them to the login page.
	 * @return boolean
	 * @param string $check_case[optional] type of check to carry out
	 * @param string $data[optional] the data is passed to authenticate e.g. username or user level
	 */
    public function check($check_case = null, $data = null)
    {	
		switch ($check_case) {
			case 'only':
				if($this->CI->session->userdata('logged_in')) 		
				{
					return true;
				}
				else
				{
					return false;
				}
			break;
				
			case 'level':
				if($this->CI->session->userdata('user_level') >= $data) 
				{
					return true;
				}
				else
				{
					return false;
				}

			break;
			
			case 'name':
				//Check against user table
				$this->CI->db->where('display_name', $data); 
				$query = $this->CI->db->getwhere($this->user_table);

				if ($query->num_rows() > 0) 
				{	
					return true;
				}
				else
				{
					return false;
				}
				
			break;
			
			default:
				if($this->CI->session->userdata('logged_in')) 		
				{
					return true;
				}
				else
				{
					redirect('authenticate');
				}
				break;
		}
    }
	
	/**
	 * This Authenticates the Users and sets up the session 
	 * @return boolean 
	 * @param string $display_name[optional] Username 
	 * @param string $password[optional] Password 
	 */
	public function login($display_name = '', $password = '') 
	{
		

		if($display_name == '' OR $password == '')
			return false;


		//Check if already logged in
		if($this->CI->session->userdata('display_name') == $display_name)
			return true;
		
		
		//Check against user table
		$this->CI->db->where('display_name', $display_name); 
		$query = $this->CI->db->getwhere($this->user_table);

		
		if ($query->num_rows() > 0) 
		{
			$user_data = $query->row_array(); 
			
			
			if ($user_data['active'] == '0') 
			{
				show_auth_error('lib/auth - account not active');
			}

			$hasher = new PasswordHash(PHPASS_HASH_STRENGTH, PHPASS_HASH_PORTABLE);

			if(!$hasher->CheckPassword($password, $user_data['password']))
				return false;

			//Destroy old session
			$this->CI->session->sess_destroy();
			
			//Create a fresh, brand new session
			$this->CI->session->sess_create();
			
			
			$last_log_id = $user_data['user_id'];
			$last_log_data = array('date_last_login' => date('Y-m-d G:i:s'));
			
			$this->CI->db->update($this->user_table, $last_log_data, array('user_id' => $last_log_id));

			//$this->CI->db->simple_query('UPDATE ' . $this->user_table  . ' SET user_last_login = NOW() WHERE user_id = ' . $user_data['user_id']);

			//Set session data
			unset($user_data['password']);
			$user_data['user'] = $user_data['display_name']; // for compatibility 
			$user_data['logged_in'] = true;
			$this->CI->session->set_userdata($user_data);
			
			return true;
		} 
		else 
		{
			return false;
		}	

	}
	
	/**
	 * This destroys the session
	 * @return 
	 */
	public function logout() 
	{			
		$this->CI->session->sess_destroy();
	}
	
	/**
	 * This function encrypt a param and return a string  
	 * @return string the encrypted password
	 * @param string $password
	 */
	public function encrypt_password($password) 
	{
		$hasher = new PasswordHash(PHPASS_HASH_STRENGTH, PHPASS_HASH_PORTABLE);
		$password_hashed = $hasher->HashPassword($password);
		return $password_hashed;
	}
	
	/**
	 * 
	 * @return boolean
	 * @param object $password
	 * @param object $encrypted_password
	 */		
	public function check_password($password,$encrypted_password) 
	{			
		$hasher = new PasswordHash(PHPASS_HASH_STRENGTH, PHPASS_HASH_PORTABLE);
		$pass_ok = $hasher->CheckPassword($password, $encrypted_password);	
		return $pass_ok;			
	}

}
?>
